Bugtraq: Regarding Mudge's OBP/FORTH root hack (PHRACK53)

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Regarding Mudge's OBP/FORTH root hack (PHRACK53)

From: jnunn6 () RAWTEN OFF AI (Jericho Nunn)
Date: Fri, 10 Jul 1998 02:12:52 -0600


Hi,

    Aside from the fact that it left me quite flabbergasted for quite
some time, mudge's OBP memory manipulation for aquiring root priviledges
poses a serious risk for environments where SUN workstation consoles are
easily accesible to unpriviledged individuals, such as university labs.

    An easy and quick work-around that avoids granting  just anybody at
the console the ability to "Stop-A" and drop into OBP, is to enable the
"security-mode" and "security-password" variables within OBP.  Changing
the default value of "security-mode" from 'none' to 'full', forces a
user who tries to halt the system to authenticate against the password
defined in "security-password" before having access to the OBP command
line.

    Again, mudge never stops to amaze....

Regards,
Jericho.

By Date By Thread

Current thread:

SLMail 3.0.2421 Stack Overflow..., (continued)
- Re: SmurfLog 1.0 Solar Designer (Jul 06)
  - Re: SmurfLog 1.0 Bug Lord (Jul 10)
- port 0 scanning Lamont Granquist (Jul 08)
  - Re: port 0 scanning Lamont Granquist (Jul 09)
    - Regarding Mudge's OBP/FORTH root hack (PHRACK53) Jericho Nunn (Jul 10)
    - Re: Regarding Mudge's OBP/FORTH root hack (PHRACK53) John W. Temples (Jul 11)
    - Re: Regarding Mudge's OBP/FORTH root hack (PHRACK53) Casper Dik (Jul 13)
    - Re: Regarding Mudge's OBP/FORTH root hack (PHRACK53) Gene Spafford (Jul 11)
    - Re: Regarding Mudge's OBP/FORTH root hack (PHRACK53) Mike Scher (Jul 11)
    - Re: Regarding Mudge's OBP/FORTH root hack (PHRACK53) Casper Dik (Jul 13)